RE: switch jamming

[Richard Corley <richard_corley () questsys com>]

The Cisco switch code for many of their switches allows the use of port
security as mentioned below.  However, it is not just a one-to-one
relationship.  You have the ability to set a maximum number of learned mac
addresses per port.  For example you can set port 7/7 to have a maximum of
18 mac address, supporting a fan out hub.  

There are execeptions to this ability.  You cannot set port security on a
trunk port, span port, set cam entries for a secured port, and in some cases
some gig uplink ports...these however are usually trunk port anyway.

If you have Cisco switches you should check out the documentation
specifically relating to port security for your particular switch type.

Rich 

-----Original Message-----
From: Blue Boar
To: Anthony Gruppuso
Cc: vuln-dev () securityfocus com
Sent: 1/31/02 8:15 AM
Subject: Re: switch jamming

Anthony Gruppuso wrote:
> Does anybody know of any switches that can protect against this type
of
> attack, or is virtually every switch affected?  I imagine this is "old
> news," so what have vendors done to counteract this type of activity?

The Cisco switches at least can be secured against this, if you can
live with the inconvenience.  If you have one machine per port, you
can configure the switch to learn the first MAC address it sees,
and then not accept frames from any other address.  This means
that you can't move machines around or changes NICs without the
switch admin resetting the MAC address for the affected ports.  It also
means that you can't chain multiple machines off of any ports
configured that way, say via a hub.

                                        BB